32. Are you familiar with parsing vulnerabilities? What are the different types?
IIS
- In directories named
*.aspor*.asa, any extension may be parsed as ASP. - On IIS 6.0, content after a semicolon
;is ignored.
Nginx
- Accessing
demo2.jpg/aaa.phpwheredemo2.jpgexists: Nginx passes to PHP because of.phpsuffix; PHP executesdemo2.jpgif it exists, returning “Access denied.” if not a PHP file. - Null byte (
%00) truncation.
Apache
Apache parses a file from right to left until it encounters a recognised executable script extension.